UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

System Preferences must be securely configured so IPv6 is turned off if not being used.


Overview

Finding ID Version Rule ID IA Controls Severity
V-58459 AOSX-09-001240 SV-72889r1_rule Medium
Description
Security appliances and firewalls are not always IPv6 aware, meaning that IPv6 traffic is frequently unfiltered and unprotected. If it is not in use, it should be disabled.
STIG Date
Apple OS X 10.9 (Mavericks) Workstation Security Technical Implementation Guide 2017-01-05

Details

Check Text ( C-59301r1_chk )
Run the following command to check if IPv6 is enabled on any network interfaces:

sudo networksetup -listallnetworkservices | (while read dev; do echo "$dev"; networksetup -getinfo "$dev" | grep IPv6:; echo ; done)

If there is an enabled network interface without the setting 'IPv6: Off' and it does not require IPv6, this is a finding.
Fix Text (F-63789r1_fix)
Run the following command to turn off IPv6 addressing for the Ethernet interface:

sudo networksetup -setv6off 'Ethernet'

Repeat this command for each enabled interface, interface names are case sensitive.